CVSS: 9.8EPSS: 24%CPEs: 20EXPL: 0CVE-2015-0395 – OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
https://notcve.org/view.php?id=CVE-2015-0395
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot garbage collector handled phantom references. An untr... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0407 – OpenJDK: directory information leak via file chooser (Swing, 8055304)
https://notcve.org/view.php?id=CVE-2015-0407
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Swing. An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 10.0EPSS: 9%CPEs: 20EXPL: 0CVE-2015-0408 – OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
https://notcve.org/view.php?id=CVE-2015-0408
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con RMI. An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2015-0410 – OpenJDK: DER decoder infinite loop (Security, 8059485)
https://notcve.org/view.php?id=CVE-2015-0410
21 Jan 2015 — Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en el componente Java SE, Java SE Embedded, JRockit en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit R27.8.4 y R28.3.4 permite a atacantes remotos afectar la disponibil... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0412 – OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
https://notcve.org/view.php?id=CVE-2015-0412
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a usuarios remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores relacionados con JAX-WS. An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use th... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 10.0EPSS: 14%CPEs: 18EXPL: 0CVE-2014-6601 – OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
https://notcve.org/view.php?id=CVE-2014-6601
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 4CVE-2014-9471 – Ubuntu Security Notice USN-2473-1
https://notcve.org/view.php?id=CVE-2014-9471
15 Jan 2015 — The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. La función parse_datetime en GNU coreutils permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una cadena de datos manipulada, tal y como fue demostrado por la cadena '--date=TZ='123'345'... • http://advisories.mageia.org/MGASA-2015-0029.html •
CVSS: 4.3EPSS: 2%CPEs: 18EXPL: 1CVE-2015-0220 – Ubuntu Security Notice USN-2469-1
https://notcve.org/view.php?id=CVE-2015-0220
14 Jan 2015 — The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. La función django.util.http.is_safe_url en Django anterior a 1.4.18, 1.6.x anterior a 1.6.10, y 1.7.x anterior a 1.7.3 no maneja correctamente los espacios en blanco líder, lo que permite a at... • http://advisories.mageia.org/MGASA-2015-0026.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 8%CPEs: 18EXPL: 1CVE-2015-0221 – Ubuntu Security Notice USN-2469-1
https://notcve.org/view.php?id=CVE-2015-0221
14 Jan 2015 — The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. La visualización django.views.static.serve en Django anterior a 1.4.18, 1.6.x anterior a 1.6.10, y 1.7.x anterior a 1.7.3 lee ficheros por líneas enteras, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una lí... • http://advisories.mageia.org/MGASA-2015-0026.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 4%CPEs: 18EXPL: 0CVE-2015-0222 – Ubuntu Security Notice USN-2469-1
https://notcve.org/view.php?id=CVE-2015-0222
14 Jan 2015 — ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. ModelMultipleChoiceField en Django 1.6.x anterior a 1.6.10 y 1.7.x anterior a 1.7.3, cuando show_hidden_initial está configurado a 'True', permite a atacantes remotos causar una denegación de servicio mediante la presentación de valores duplicados, lo que provo... • http://advisories.mageia.org/MGASA-2015-0026.html • CWE-17: DEPRECATED: Code •